Exploiting weak/predictable user credentials is one of the most common and successful attack scenarios used against SAP systems. During the installation, SAP systems create the standard users SAP*, DDIC and EARLYWATCH. Acunetix WVS tried the default passwords for these standard users (and other commonly used SAP users) and managed to guess a set of credentials that were accepted by the SAP system.
To protect standard SAP users from unauthorized use:
- Define a new superuser and deactivate SAP*.
- Change all of the default passwords for these users.